php登录到mysql加密密码
[英]php login to mysql encrypted password
问题描述
I'm trying to setup a php login form into a existing database that i do not want to modify, it seems I've made all the right connections to the DB and the right tables, but the password is encrypted and when i try to login it says "Wrong password. Try again 
我正在尝试将php登录表单设置到我不想修改的现有数据库中,似乎我已经与数据库和正确的表建立了所有正确的连接,但是密码已加密,当我尝试登录时显示“密码错误。请重试
this is my code 这是我的代码
/**
* log in with post data
*/
private function dologinWithPostData()
{
// check login form contents
if (empty($_POST['user_name'])) {
$this->errors[] = "Username field was empty.";
} elseif (empty($_POST['user_password'])) {
$this->errors[] = "Password field was empty.";
} elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
// create a database connection, using the constants from config/db.php (which we loaded in index.php)
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// change character set to utf8 and check it
if (!$this->db_connection->set_charset("utf8")) {
$this->errors[] = $this->db_connection->error;
}
// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// escape the POST stuff
$user_name = $this->db_connection->real_escape_string($_POST['user_name']);
// database query, getting all the info of the selected user (allows login via email address in the
// username field)
$sql = "SELECT nickname, user_email, user_password
FROM tbl_users
WHERE nickname = '" . $user_name . "' OR user_email = '" . $user_name . "';";
$result_of_login_check = $this->db_connection->query($sql);
// if this user exists
if ($result_of_login_check->num_rows == 1) {
// get result row (as an object)
$result_row = $result_of_login_check->fetch_object();
// using PHP 5.5's password_verify() function to check if the provided password fits
// the hash of that user's password
if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
// write user data into PHP SESSION (a file on your server)
$_SESSION['nickname'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_login_status'] = 1;
} else {
$this->errors[] = "Wrong password. Try again.";
}
} else {
$this->errors[] = "This user does not exist.";
}
} else {
$this->errors[] = "Database connection problem.";
}
}
}
how can i make this login to the DB since the passwords stored in the DB are encrypted? 由于数据库中存储的密码已加密,我如何登录数据库?
1 个解决方案
解决方案1
1 2015-09-07 22:37:37
Passwords are probably hashed first you must determine which hashing function used at storing passwords at your database. 密码可能首先被散列,您必须确定在数据库中存储密码时使用的散列函数 。 Then you can do it like below i assumed passwords are hashed using md5 which is widely used but exploitable but if password is also salted im afraid you have to learn salt word too else it is next to impossible based on used hashing algorithm. 然后,您可以像下面那样进行操作,我假设使用广泛使用但可利用的md5对密码进行哈希处理,但是如果密码也添加了盐,恐怕您也必须学习盐单词,否则基于使用的哈希算法几乎是不可能的。 Also using this way to access to database is really vulnerable i really suggest for you to look into PDO . 同样,使用这种方式访问数据库确实很容易受到攻击,我真的建议您研究PDO 。
$sql = "SELECT nickname, user_email, user_password
FROM tbl_users
WHERE nickname = '" . $user_name . "' OR user_email = '" . $user_name . "'AND user_password = ''" . md5($user_password)."'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.